cancel
Showing results for 
Search instead for 
Did you mean: 
Reply
brock_101
Frequent Visitor

On Premise Data Gateway Permissions Only Working for Individuals

We have the On-Premises Data Gateway installed and running successfully (v 14.16.6584.1). We have created a PowerApp that connects to on-premise SharePoint 2016 list data via the gateway. Permissions to the SharePoint list are assigned via an AD security group and the PowerApp is also shared with the same AD security group with 'Can Use' permissions. We also have to assign permissions on the Gateway which we do in web.powerapps.com by navigating to 'Gateways' > selecting our gateway > Users. Here we add the users of the app with 'Can Use' permissions on the gateway. When the user runs the app for the first time, they are prompted to allow the SharePoint connection and have to enter their username and password, once they do this the app runs and connects to the data successfully. However, if we remove the individual user from the Gateway permissions and instead add the AD security group that the user belongs to with 'Can Use' permissions on the gateway, when the app is run for the first time and the user is prompted to allow the SharePoint connection, when they enter their credentials they receive the error message: "We weren't able to add this connection. Please try again" "PowerBINotAuthorizedException Session ID: [GUID]" The same problem occurs if we click the 'Add everyone in my org' button on the gateway permissions and add 'Can use' permissions for the whole organisation. We have ensured that the AD security group is synchronised correctly via DirSync and have logged the user out and back in before testing but the problem persists. There is no information in the gateway server logs relating to this, even after enabling enhanced logging. It seems that only individuals added to the gateway permissions are recognised. Any groups fail. This presents a problem when we need to share an app using a gateway connection with a large number of users as it's not practical to add hundreds of users individually. It's important to note that once the connection has been added successfully it will tend to work when the individual user is removed and replaced by a group on the gateway permissions so to recreate the error you must delete the SharePoint connection from the 'Connections' menu before running the PowerApp again so that it prompts to allow the connection when the app is launched.
2 REPLIES 2
Anonymous
Not applicable

I'm sorry I don't have the answer, but we are planning to do the same thing. And getting the same error.

It's been a while since we looked at this...  We did have a case open with MS but never got a resolution. 

 

I think one of the updates to the gateway got the 'add everyone in the organisation' permission on the gateway working so that individuals didn't have to be added but we never got AD groups to work!

Helpful resources

Announcements
UG GA Amplification 768x460.png

Launching new user group features

Learn how to create your own user groups today!

Community Connections 768x460.jpg

Community & How To Videos

Check out the new Power Platform Community Connections gallery!

M365 768x460.jpg

Microsoft 365 Collaboration Conference | December 7–9, 2021

Join us, in-person, December 7–9 in Las Vegas, for the largest gathering of the Microsoft community in the world.

Top Solution Authors
Top Kudoed Authors
Users online (3,003)